package org.openea.eap.module.obpm.util.form;

import java.util.Locale;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;






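/**
 * Substring-blocklist check for SQL fragments in a string value.
 *
 * <p>This is a heuristic, not a sanitizer: it rejects values containing any entry of a fixed
 * keyword list and accepts everything else. It does not make string-built SQL safe; queries must
 * still be built with {@code PreparedStatement} parameters, and this check should only be treated
 * as defence in depth. The list contains very common fragments ({@code "or "}, {@code ";"},
 * {@code "+"}), so legitimate input such as {@code "for sale"} or {@code "a+b"} is rejected too.
 */
public class SqlInjectionUtil {
  private static final Logger logger = LoggerFactory.getLogger(SqlInjectionUtil.class);

  /** Pipe-separated blocklist; entries are lower-case and several carry a trailing space. */
  private static final String XSS_STR =
      "'|and |exec |insert |select |delete |update |drop |count |chr |mid |master |truncate |char |declare |;|or |+";

  /** The blocklist split once at class load rather than on every call. */
  private static final String[] XSS_ARR = XSS_STR.split("\\|");

  /**
   * Rejects {@code value} if it contains any blocklisted fragment (case-insensitive).
   *
   * <p>{@code null} and {@code ""} pass without any check. The rejected value is logged verbatim
   * at INFO and echoed in the exception message, so callers must not route secrets through here.
   *
   * @param value the untrusted string to check; may be {@code null}
   * @throws IllegalArgumentException (a {@link RuntimeException}, as before) when a blocklisted
   *     fragment is found
   */
  public static void filterContent(String value) {
    if (value == null || "".equals(value)) {
      return;
    }
    // Locale.ROOT: the default-locale overload maps "I" to dotless "ı" under Turkish locales, so
    // e.g. "INSERT " would no longer match the lower-case list entry and slip past the check.
    String lowered = value.toLowerCase(Locale.ROOT);
    for (String fragment : XSS_ARR) {
      if (lowered.contains(fragment)) {
        logger.info("警告,可能存在SQL注入风险!---> {}", value);
        throw new IllegalArgumentException("警告,可能存在SQL注入风险!---> :" + value);
      }
    }
  }

  /** Manual smoke run: the sample contains {@code "'"} and {@code "and"} and therefore throws. */
  public static void main(String[] args) {
    String str = "' and";
    filterContent(str);
  }
}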
